Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

95bcdb36ea...8b.exe

windows7-x64

10

95bcdb36ea...8b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    08/12/2023, 02:34 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    95bcdb36ea04ac618c085d218c16e994eb39080ea9e81024cd346c75fa83438b.exe

  • Size

    234KB

  • MD5

    a2d1a58f5ce44cab11865085de306c50

  • SHA1

    212505087b5c3bc7227433b04a9c89f1d2bc383d

  • SHA256

    95bcdb36ea04ac618c085d218c16e994eb39080ea9e81024cd346c75fa83438b

  • SHA512

    e929f27110e4b3f4d1f758775b72a5d68c27038632bac6fb3abd5dab3bdafb48fc000a950977476901d4c8da72adbadbc1db5431ffb62146abbafb04e8b75b31

  • SSDEEP

    3072:izZlx1JDgntYBAdbTgB2DRcWNdysHG5tLUQf4e:OZlx1JDgntSubTgB2mWvyC9Qg

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.sgbumperscar.com
  • Port:
    587
  • Username:
    ptt-dennis@sgbumperscar.com
  • Password:
    cunduy123456789
  • Email To:
    s4tivar@yandex.com

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\95bcdb36ea04ac618c085d218c16e994eb39080ea9e81024cd346c75fa83438b.exe
    "C:\Users\Admin\AppData\Local\Temp\95bcdb36ea04ac618c085d218c16e994eb39080ea9e81024cd346c75fa83438b.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1188

Network

  • flag-us
    DNS
    api.ipify.org
    95bcdb36ea04ac618c085d218c16e994eb39080ea9e81024cd346c75fa83438b.exe
    Remote address:
    8.8.8.8:53
    Request
    api.ipify.org
    IN A
    Response
    api.ipify.org
    IN CNAME
    api4.ipify.org
    api4.ipify.org
    IN A
    64.185.227.156
    api4.ipify.org
    IN A
    104.237.62.212
    api4.ipify.org
    IN A
    173.231.16.77
  • 64.185.227.156:443
    api.ipify.org
    tls
    95bcdb36ea04ac618c085d218c16e994eb39080ea9e81024cd346c75fa83438b.exe
    385 B
     211 B
     5
    5
  • 8.8.8.8:53
    api.ipify.org
    dns
    95bcdb36ea04ac618c085d218c16e994eb39080ea9e81024cd346c75fa83438b.exe
    59 B
     126 B
     1
    1

    DNS Request

    api.ipify.org

    DNS Response

    64.185.227.156
    104.237.62.212
    173.231.16.77

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1188-0-0x0000000000E10000-0x0000000000E50000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1188-1-0x0000000074960000-0x000000007504E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1188-2-0x0000000004A90000-0x0000000004AD0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1188-3-0x0000000074960000-0x000000007504E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1188-4-0x0000000004A90000-0x0000000004AD0000-memory.dmp

    Filesize

    256KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.